CS Mar-Apr 2024
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>2024</strong> predictions<br />
?? ?<br />
Corey Nachreiner, WatchGuard<br />
Technologies: expecting a major<br />
headline-stealing hack in <strong>2024</strong>.<br />
David Mahdi, Transmit Security: phishing<br />
attacks have increased over 1,200% in 2023<br />
- a meteoric rise since the release of GenAI.<br />
IRVIN SHILLINGFORD, REGIONAL<br />
MANAGER, NORTHERN EUROPE,<br />
HORNETSECURITY<br />
"In <strong>2024</strong>, businesses are faced with an everexpanding<br />
landscape of options, configurations<br />
and integrations to leverage the full<br />
potential of cloud computing. However, this<br />
rising complexity also amplifies the potential<br />
scope for cybersecurity attacks. Intricate<br />
systems may harbour vulnerabilities that, if<br />
exploited, could compromise sensitive data<br />
and pose significant threats to organisational<br />
security.<br />
"There's no doubt that the proliferation of<br />
generative AI has ushered in a new era of<br />
cyber-attacks, with sophisticated and adaptive<br />
algorithms being employed to execute<br />
unpredictable malicious activities.<br />
"The growing prominence of AI, coupled<br />
with the increasing complexity of cloud<br />
systems, has heightened the potential for<br />
cyber-attacks, as AI-driven threats ultimately<br />
look to exploit intricate vulnerabilities within<br />
cloud infrastructures.<br />
"With the launch of ChatGPT, the most widely<br />
known large language model (LLM), we've<br />
seen some evidence of threat actors using<br />
generative AI tools to prepare attacks and help<br />
write malware. Whilst the media have largely<br />
covered this malicious side of AI, the power<br />
of LLMs will also be used increasingly to help<br />
defenders. Two clear examples are log analysis<br />
and report writing, but it'll be exciting to see<br />
how it will help security analysts deal with<br />
workload and better protect their businesses.<br />
"There were countless examples of cloudrelated<br />
cyber-attacks throughout 2023, from<br />
Amazon S3 buckets being left unsecured, or<br />
even the breach of 38TBs worth of data stolen<br />
from Microsoft, due to a misconfigured Azure<br />
storage account. These are just examples<br />
involving cloud storage and don't include the<br />
massive adoption of cloud APIs or increasingly<br />
complex network configurations.<br />
"The rise of AI has also played a role in enabling<br />
cyber attackers to devise sophisticated<br />
strategies to bypass Multi-Factor Authentication<br />
(MFA) measures in businesses and<br />
compromise security defences. This includes<br />
fatigue attacks, which overwhelm users with<br />
numerous prompts and cause them to<br />
ultimately click 'accept' to prevent more<br />
notifications.<br />
"As businesses continue to adopt cloud<br />
technologies at a rapid scale, and with the<br />
increase in cloud-related innovation in the<br />
industry, security sometimes seems like an<br />
afterthought. Becoming cyber-resilient takes<br />
time, effort and persistence. Organisations<br />
must implement robust security measures,<br />
understand the technology they use, and<br />
ensure that employees are trained to recognise<br />
potential attacks and know the escalation<br />
process. By adopting a comprehensive<br />
approach that combines technology, education<br />
and proactive measures, businesses can<br />
significantly enhance their cybersecurity<br />
strategy."<br />
IAN ROBINSON, CHIEF ARCHITECT,<br />
TITANIA<br />
"Following a record-breaking number of cyberattacks<br />
in 2023, organisations are expecting<br />
more of the same in <strong>2024</strong>. And with 220,975<br />
published CVEs (taken from https://www.cve.<br />
org/ 5 Jan 24), it's not surprising that organisations<br />
are looking for more effective ways to<br />
analyse, understand and improve their risk<br />
posture at any given time - to stay off the<br />
'breached list'.<br />
"No small feat when tasked with tens of<br />
thousands of vulnerabilities, due to out-ofdate<br />
software and misconfigurations across<br />
the attack surface. Risk-based vulnerability<br />
management (RBVM) therefore has to be the<br />
priority, to understand, device-by-device, how<br />
best to deploy resources to remediate the<br />
most critical risks first. RBVM, coupled with a<br />
focus on regularly assessing critical segments.<br />
Not just at the perimeter (firewalls), but from<br />
the interior, too, because router and switch<br />
20<br />
computing security <strong>Mar</strong>ch/<strong>Apr</strong>il <strong>2024</strong> @<strong>CS</strong>MagAndAwards www.computingsecurity.co.uk